openSUSE-SU-2024:0203-1

Опубликовано: 17 июл. 2024

Источник: suse-cvrf

Описание

Security update for znc

This update for znc fixes the following issues:

Update to 1.9.1 (boo#1227393, CVE-2024-39844)

This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl. To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all.
Improve tooltips in webadmin.

znc-1.9.1-bp156.2.3.1

znc-devel-1.9.1-bp156.2.3.1

znc-lang-1.9.1-bp156.2.3.1

znc-perl-1.9.1-bp156.2.3.1

znc-python3-1.9.1-bp156.2.3.1

znc-tcl-1.9.1-bp156.2.3.1

znc-1.9.1-bp156.2.3.1

znc-devel-1.9.1-bp156.2.3.1

znc-lang-1.9.1-bp156.2.3.1

znc-perl-1.9.1-bp156.2.3.1

znc-python3-1.9.1-bp156.2.3.1

znc-tcl-1.9.1-bp156.2.3.1

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.

SUSE Package Hub 15 SP6:znc-1.9.1-bp156.2.3.1

SUSE Package Hub 15 SP6:znc-devel-1.9.1-bp156.2.3.1

SUSE Package Hub 15 SP6:znc-lang-1.9.1-bp156.2.3.1

SUSE Package Hub 15 SP6:znc-perl-1.9.1-bp156.2.3.1